The major syntax changes that including changing the "rdr" directive to "rdr-to" occurred with the release of OpenBSD 4.7. The two releases supported at this time are 5.3 and 5.4.

From the pf.conf(5) man page for OpenBSD 4.6, the "no rdr" sytax was shown in this example:

Code:

In the example below, packets bound for one specific server, as well as
those generated by the sysadmins are not proxied; all other connections
are.
no rdr on $int_if proto { tcp, udp } from any to $server port 80
no rdr on $int_if proto { tcp, udp } from $sysadmins to any port 80
rdr on $int_if proto { tcp, udp } from any to any port 80 \
-> 127.0.0.1 port 80

The syntax was simplified. With rdr-to directives usable with either pass or match rules, the equivalent to the no rdr rule is not needed. Here is the same example, from the 5.4 version of the same man page:

Code:

In the example below, packets bound for one specific server, as well as
those generated by the sysadmins are not proxied; all other connections
are.
pass in on $int_if proto { tcp, udp } from any to any port 80 \
rdr-to 127.0.0.1 port 80
pass in on $int_if proto { tcp, udp } from any to $server port 80
pass in on $int_if proto { tcp, udp } from $sysadmins to any port 80

Last edited by jggimi; 13th December 2013 at 06:33 PM.
Reason: clarity